The exploitation of cloud services is a flexible weapon in the hands of attackers, so flexible that we uncover new campaigns abusing legitimate apps on a daily basis.

Some organizations are just beginning their migration to the cloud, while others are already firmly settled there, but almost everyone is in the cloud in some capacity by now. And for good reason: the cloud creates substantial advantages in speed, scalability, and cost. But the sobering reality is that modern threat actors have also made gains from migrating to the cloud. By weaponizing cloud automation, these threat actors can fully execute an attack in 10 minutes or less.

Read also: 22 Chinese Cybercriminals Get Long Prison Sentences In Zambia, two Bangladeshi cops accused of selling citizens’ data, and more.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are impersonating its employees in an attempt to commit fraud. In an alert posted on the CISA website, the organisation warned that so-called impersonation scams are on the rise. An impersonation scam is any type of fraud where a criminal pretends to be a trusted individual or organisation to dupe a victim into handing over personal information or money or taking an unwise action.

Malware, short for malicious software, is a program that is intentionally designed to harm computer systems and devices. In 2022, 5.5 billion malware attacks occurred around the world. Cybercriminals often use malware to cause damage to a system, take control of your device, spy on your web activity or steal personal data for financial gain. Individuals are targeted with malware through methods such as phishing, smishing and vishing which are types of social engineering.

Discover how to harness the power of employee feedback using surveys to build a thriving, successful organization that attracts and retains top talent, drives innovation, and delivers exceptional results.

My hacker story occurred not too long ago at the Hong Kong office of an undisclosed multinational corporation. The hackers pulled off a first-of-its-kind scam that leveraged a phishing email as the initial attack vector followed by a deepfake video call. In this instance, there was enough information to establish a perceived authority for a finance worker who transferred a total of HK$200 million in 15 transactions to five different Hong Kong bank accounts until the scam was detected.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Didn’t take them long did it?

Google Cloud HSM (Hardware Security Module) is a cloud service offered by Google that delivers secure key storage and cryptographic operations within a hardware environment that is set apart from any other instances. In contrast to HSMs, these hardware devices originated for the purpose of keeping cryptographic keys safe and executing cryptographic operations in a secure, tamper-resistant manner.

Cybersecurity compliance is complicated. As industry standards change and evolve with new technology, so do compliance requirements. Depending on your organization’s operations, industry, or even location, compliance could mean adhering to multiple frameworks and reporting to multiple governing bodies. In fact, 67% of organizations surveyed by Arctic Wolf follow between one to three sets of guidelines.